Enabling http/2 on your sites with Ubuntu and nginx

HTTP is the most important protocol on the web, but it hasn’t had a major update in a long time (HTTP 1.1 was introduced in 1997). In May 2015, however, the HTTP 2.0 (HTTP/2) standard was published. The new standard promises increased speed.

As of right now http/2 will only work on HTTPS sites. Although the HTTPS requirement isn’t in the standard (though it nearly was), the most popular browser implementations (Chrome, Firefox, etc.) don’t support http/2 with anything but HTTPS.

Now to enable http/2 on your Ubuntu server, just run this command (as root, prefix with sudo when necessary):

add-apt-repository ppa:nginx/development

Then run apt-get update and apt-get install nginx as usual. This will install the latest mainline version of nginx (http/2 support is included as of version 1.9.5). Despite the name of the PPA repository this is actually the recommended version: “We recommend that in general you deploy the NGINX mainline branch at all times”.

Now there is a slight problem: if you use this method on the current (as of writing) version of Ubuntu LTS (14.04), then an important part of http/2 will not work: ALPN. This TLS extension is used to enable http/2 during the connection phase. Without it, another round trip to the server is needed for browser and server to agree on using http/2.

To enable ALPN you need a version of nginx that is built with OpenSSL 1.0.2. This version of OpenSSL is included from Ubuntu version 15.10 onwards (including 16.04 LTS). When installing on Ubuntu 14.04 the nginx PPA repository assumes you have the default version of OpenSSL installed (v1.0.1), hence no ALPN support.
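To see which case a server is in, the following added example (not part of the original post; the function names are hypothetical) checks the OpenSSL version nginx was built with and whether a TLS handshake actually selects h2 over ALPN. The sample `nginx -V` output embedded in it is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): check whether an nginx host
# can negotiate HTTP/2 via ALPN. Function names are hypothetical.

# Reads `nginx -V` text on stdin; succeeds if nginx was built with
# OpenSSL 1.0.2 or newer (the version the post says ALPN needs).
# Returns 2 if no "built with OpenSSL" line is present.
nginx_built_with_alpn_openssl() {
    ver=$(sed -n 's/.*built with OpenSSL \([0-9]*\.[0-9]*\.[0-9]*\).*/\1/p' | head -n 1)
    [ -n "$ver" ] || return 2
    oldest=$(printf '%s\n%s\n' "1.0.2" "$ver" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "1.0.2" ]
}

# Reads `openssl s_client -alpn h2` output on stdin; succeeds only if the
# server selected h2 ("No ALPN negotiated" means it did not).
alpn_selected_h2() {
    grep -q '^ALPN protocol: h2$'
}

# Live check against a host you administer (needs a 1.0.2+ openssl client).
check_host() {
    openssl s_client -alpn h2 -connect "$1:443" -servername "$1" \
        </dev/null 2>/dev/null | alpn_selected_h2
}

# Constructed sample output, for offline use.
SAMPLE_1404='nginx version: nginx/1.9.9
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled'
SAMPLE_1604='nginx version: nginx/1.9.9
built with OpenSSL 1.0.2g  1 Mar 2016
TLS SNI support enabled'

if [ $# -gt 0 ]; then
    # Usage: sh check_alpn.sh example.com   (run on the nginx server)
    nginx -V 2>&1 | nginx_built_with_alpn_openssl \
        && echo "nginx build: OpenSSL >= 1.0.2" \
        || echo "nginx build: OpenSSL too old for ALPN (or not detected)"
    check_host "$1" && echo "$1: ALPN selected h2" \
        || echo "$1: h2 not negotiated via ALPN"
fi
```

nginx writes its `-V` output to stderr, which is why the script redirects it with `2>&1` before parsing.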

That leaves three options: upgrade to 15.10 (not an LTS release, so not preferable on servers), build the latest version of nginx and OpenSSL yourself (which creates an upgrade burden) or live with having slightly crappy http/2 support until Ubuntu 16.04 LTS is available.

This entry was posted by GHDpro on December 11, 2015 at 10:37 pm, and is filed under Server Administration.